Certificate error when using a web browser to view the Endpoint Protection Manager console

You see certificate errors when using a web browser to view the Symantec Endpoint Protection Manager console.

One or more of the following scenarios may occur:

When you connect to Symantec Endpoint Protection Manager you are warned by your web browser that there is a problem with the security certificate. The warning may appear as soon as you access the remote console Web page.

When connecting to the Symantec Endpoint Protection Manager Web Console using Firefox, the first three tabs (Home, Monitors, and Reports) do not display, and you see the message "Your connection is not secure" (error code: sec_error_unknown_issuer), with no option to add the certificate to trust.

The web browser does not have a certificate for a remote Symantec Endpoint Protection Manager console, or the certificate has not been installed.

To resolve this, you need to install the manager's certificate as a trusted root CA. This certificate may be the self-signed version that comes with the product, or a custom certificate that you've provided.

Before you begin

This document describes a procedure for installing a self-signed certificate to the Trusted Root Certification Authorities store on most Windows operating systems, which is unsupported and are provided for your convenience only. Due to the nature of this procedure, Symantec Technical Support cannot provide support for this procedure.

Install the certificate

To use this procedure, you must be logged on to the computer as Administrator. In Windows Vista and later, you must start the browser with Administrator privileges (right-click on the browser icon and click Run as administrator; for Windows 8, search for the program name in the Metro start screen, right-click on the program name and click on Advanced, and then click Run as administrator.)

You need only perform this procedure once for any of the consoles that reside on the same host, but you will need to repeat these steps if a new certificate is installed or regenerated.

To install the certificate, perform the following steps, depending on your browser:

Internet Explorer

Start Internet Explorer with Administrator privileges, and in the address box, type the following URL where hostname is the IP address or computer name of the server where the manager is installed:

http://hostname:9090

Click on Symantec Endpoint Protection Manager Web Console.

On the certificate alert screen ("There is a problem with this website's security certificate"), click Continue to this website (not recommended).

In the address bar, click the red Certificate Error alert.

In the Security Alert dialog box, click View Certificates. Under Issued to, look at the host name and confirm that it is identical to the name you used in Step 1. If they are different, start over on Step 1, using the exact name listed on the certificate.

Click Install Certificate to launch the Certificate Import Wizard.Note: The Install Certificate button may not be visible until the server is added to your browser's Trusted sites.

For Internet Explorer 10 (requires 12.1.2 or later), ensure that you select Current User for Store Location. Otherwise, just click Next.

Click Place all certificates in the following store, click Browse, and then click Trusted Root Certification Authorities.Note: You may need to check Show physical stores, then under Trusted Root Certification Authorities, click Local Computer. This allows the certificate to be trusted by all users on this computer, rather than just the current user.

Click OK, click Next, and then click Finish.

Look for the Security Warning dialog. If you do not see it, your certificate is not imported. In the Security Warning dialog, review the URL and other information. If it is correct, then click Yes to install the certificate.

Firefox

Note: If you are using the default self-signed certificate, due to the way that Firefox handles self-signed certificates, you need to create a Security Exception:

In the Location field, type the following URL where hostname is the IP address or computer name of the server where the manager is installed:

https://hostname:8445

Click Get Certificate. When the Certificate Status appears, click on View... and confirm that the information is valid and correct for your server. If it is not, ensure you entered the correct information in the previous step.

Click on Confirm Security Exception.

Click on Add Exception once again.

In the Location field, type the following URL where hostname is the IP address or computer name of the server where the manager is installed:

https://hostname:8443

Click Get Certificate. When the Certificate Status appears, click on View... and confirm that the information is valid and correct for your server. If it is not, ensure you entered the correct information in the previous step.

Click on Confirm Security Exception and then click OK > OK to close the Options window.

To import a certificate that is not self-signed, do the following steps:

Start Firefox and in the address box, type the following URL where hostname is the IP address or computer name of the server where the manager is installed:

http://hostname:9090

Click on Symantec Endpoint Protection Manager Certificate, and then click on Save File. The file will be saved to your default Downloads folder.

Browse to your default Downloads folder, click on the file you just downloaded, click Open, and then click OK > OK to close the Options window. You should be able to successfully access the web console.

You may also need to add an exception for https://server_ip:8446 within the Firefox browser:

In the Certificate Import Wizard, click Place all certificates in the following store, click Browse, and then click Trusted Root Certification Authorities. Click OK, and then click Next.

Click Finish. If you receive a security warning window, verify the information is correct, and if it is, then click Yes to install the certificate.

To test the certificate installation, close the browser, restart it, and attempt to load the site again. If you do not see the red background in the address bar, the certificate was loaded.

Additional information

If you still have issues after adding the certificate, you may need to add a URL exception for http://server_ip:9090, where server_ip is the IP address of the Symantec Endpoint Protection Manager server, in the Java Control Panel. To do this, see the Oracle Java article, How can I configure the Exception Site List?

Imported Document ID: TECH123686

Legacy ID:
2010030413400848

Subscribing will provide email updates when this Article is updated. Login is required.